GP Psychology Privacy Policy

 Committed to protecting your privacy


If you contact me via this website, phone, or a third party provider such as Psychology Today, I will collect and keep some of your details. This includes name, email or phone number, and reason for accessing therapy. To maintain privacy, this information will be kept on a secure Cloud platform. If you contact me and do not access therapy these details will be kept for one year. This is so I have a record, incase you choose to contact me again during this time.

Any information shared in the contact form or emails will remain confidential and will not be shared with any other party. The only time this confidentiality would be broken is if the content included information which put yourself or another person at significant risk of harm. In this circumstance, I have a duty of care to pass information to relevant agencies. Wherever possible I would discuss this with you first.

Once your query has been dealt with, if you do not pursue therapy or other services, I will permanently destroy all emails, text messages, voicemails and written correspondence within seven days of last contact.


The General Data Protection Regulation (GDPR), came into effect on 25th May 2018 and provides a legal framework for ensuring the safety of personal information by organisations. The framework insists that organisations have effective systems in place for handling and storing personal information. It also stipulates that people cannot be contacted by organisations without having given permission for sharing of information.

The following privacy notice outlines how GP Psychology manages your data and your rights in relationship this.  Gemma Pearson is the Data Protection Officer (DPO) for the business.

What information do I collect?

To enable engagement in therapy I will store some personal information which may include your name, telephone number, email address, postal address on a database.  This information may be provided by you or by a referrer e.g. an insurance company/ private referrer.  

During therapy I will likely make some paper notes and diagrams.  I also will keep an electronic record that will include a short summary of what the session has discussed.    Other electronic information may include typed up information, assessments or formulations.  

Securing your personal information 

Any personal information gathered in therapy sessions on paper will be stored in a locked cabinet in a secure environment.   Paper documentation will be scanned and at this point paper copies will be destroyed.  All data that is collected or kept electronically will be saved in a secure encrypted cloud service.  I use a GDPR compliant practice management programme called Writeupp.  

In line with professional standards and expectations laid out in my indemnity insurance, following the end of therapy your information will be saved for 7 years before being securely destroyed.  You are able to ask that information is destroyed earlier than this if your wish. 

You will always be offered copies of any documents produced as part of therapy.  

 Sharing of Information:

If you have been referred by a referring agency or insurance company they often require reports across the duration of assessment and therapy.  I will use the information you share with me in sessions to provide referrers with a brief summary of assessment and treatment outcomes, e.g. the progress made in relation to goals.  Any such reports will be shared with you prior to submission.  No sensitive information would be divulged unless specific permission has been received from yourself.  Reports are shared with referrers electronically, and sent either via secure email systems, e.g. Egress, or documents are password protected and the password is provided in a separate email. Different referring agencies have different requirements for sharing of reports.

Your details will not be shared with others without your consent. The exception to this is if there were a situation where I had a pressing concern regarding the safety of yourself or others.  At these times I will make every effort to discuss this with you as soon as possible.  However, it may not be appropriate to seek your consent before sharing with appropriate agencies, such as GP, police or other relevant professionals.  I prioritise keeping people safe at all times.  

I may also be required to share your personal information with others where there are legal proceedings or in complying with legal obligations, a court order, or the instructions of a government authority.  I will discuss this with you prior to disclosing information, however I may have to do this as a legal obligation where consent is not required.

I will not sell, distribute or lease your personal information to third parties. I require third parties to respect the security of your data and to treat it in accordance with the law.

If you agree to recording of sessions for my CPD these will be recorded  and securely saved on an GDPR compliant cloud storage system (Writeupp).   These recordings will be shared with my supervisor, using secure email and sharing systems (Egress).   You can withdraw your consent for this at any time.  

Your rights 

Under data protection law you have the right to change or withdraw your consent and to request details of any personal data that we hold about you. You are able to request access to your notes by putting your request in writing using the contact details for the business. You will be provided with your information within 40 days. You are able to check records for accuracy, and request correction or deletion of your information. It is recommended that if you request to see your notes, that you go through them with me so that any concerns or queries can be addressed there and then.   

You can also request that your information be deleted or destroyed before the 7 year expiration date. I will discuss each request with you and relevant parties, e.g. referring agencies.  I will also seek advice from my professional governing bodies, e.g. The Health Care and Professions Council (HCPC) and the Information Commission Office (ICO) on a case-by-case basis at the time of the request.

If I am aware of any breach of personal data security, I will contact you as soon as possible to discuss this. Where appropriate, I will advise the ICO.

GP Psychology is registered with the ICO. If you wish to complain to the ICO about my GDPR compliance, you can contact them directly. The ICO website is

Further Information

If you wish to discuss privacy, GDPR or confidentiality, or have any further questions, please contact me.


Therapy | Supervision | Assessment